From: William Roberts <[email protected]> In type_set_expand: When nprim, the table index counter, is greater than the value of initizalized entries in the type_val_to_struct[] array, detect this as invalid and return an error.
Signed-off-by: William Roberts <[email protected]> --- libsepol/src/expand.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c index 0ad57f5..e6d3ef1 100644 --- a/libsepol/src/expand.c +++ b/libsepol/src/expand.c @@ -2514,6 +2514,10 @@ int type_set_expand(type_set_t * set, ebitmap_t * t, policydb_t * p, if (i > p->p_types.nprim - 1) goto err_types; + if (!p->type_val_to_struct[i]) { + goto err_types; + } + if (p->type_val_to_struct[i]->flavor == TYPE_ATTRIB) { if (ebitmap_union -- 1.9.1 _______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
